chrsin/TokenAuthUserResolver.cs

## TokenAuthUserResolver.cs
using System;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Security.Claims;
using System.Text.RegularExpressions;
using Sitecore;
using Sitecore.Pipelines.HttpRequest;
using Sitecore.Security.Authentication;
using Sitecore.Services.Infrastructure.Web.Http.Security;

namespace MyWebsite
{
    [ExcludeFromCodeCoverage]
    public class TokenAuthUserResolver : HttpRequestProcessor
    {
        private readonly ITokenProvider _tokenProvider;

        public TokenAuthUserResolver(ITokenProvider tokenProvider)
        {
            _tokenProvider = tokenProvider;
        }

        public override void Process(HttpRequestArgs args)
        {
            if (Context.IsLoggedIn)
                return;

            string authorize = args.HttpContext.Request.Headers["Authorization"];

            if (string.IsNullOrEmpty(authorize))
                return;

            Match match = Regex.Match(authorize, @"^Bearer ([^\.]+\.[^\.]+\.[^\.]+)$");
            if (!match.Success)
            {
                //Maybe log this? Someone might be trying to tamper with auth
                return;
            }

            try
            {
                Group smt = match.Groups[1];
                string token = smt.Value;

                ITokenValidationResult tokenResult = _tokenProvider.ValidateToken(token);

                if (!tokenResult.IsValid)
                    return;

                Claim usernameClaim = tokenResult.Claims.FirstOrDefault(x => x.Type == "MyWebsite.Username");
                if (usernameClaim == null)
                    return;

                AuthenticationManager.Login(usernameClaim.Value);
            }
            catch (Exception)
            {
                //If something threw it was not a valid token and we ignore it
            }
        }
    }
}
	using System;
	using System.Diagnostics.CodeAnalysis;
	using System.Linq;
	using System.Security.Claims;
	using System.Text.RegularExpressions;
	using Sitecore;
	using Sitecore.Pipelines.HttpRequest;
	using Sitecore.Security.Authentication;
	using Sitecore.Services.Infrastructure.Web.Http.Security;

	namespace MyWebsite
	{
	[ExcludeFromCodeCoverage]
	public class TokenAuthUserResolver : HttpRequestProcessor
	{
	private readonly ITokenProvider _tokenProvider;

	public TokenAuthUserResolver(ITokenProvider tokenProvider)
	{
	_tokenProvider = tokenProvider;
	}

	public override void Process(HttpRequestArgs args)
	{
	if (Context.IsLoggedIn)
	return;

	string authorize = args.HttpContext.Request.Headers["Authorization"];

	if (string.IsNullOrEmpty(authorize))
	return;

	Match match = Regex.Match(authorize, @"^Bearer ([^\.]+\.[^\.]+\.[^\.]+)$");
	if (!match.Success)
	{
	//Maybe log this? Someone might be trying to tamper with auth
	return;
	}

	try
	{
	Group smt = match.Groups[1];
	string token = smt.Value;

	ITokenValidationResult tokenResult = _tokenProvider.ValidateToken(token);

	if (!tokenResult.IsValid)
	return;

	Claim usernameClaim = tokenResult.Claims.FirstOrDefault(x => x.Type == "MyWebsite.Username");
	if (usernameClaim == null)
	return;

	AuthenticationManager.Login(usernameClaim.Value);
	}
	catch (Exception)
	{
	//If something threw it was not a valid token and we ignore it
	}
	}
	}
	}